jbampton opened a new pull request, #2579: URL: https://github.com/apache/sedona/pull/2579
Enforces security best practices by requiring a minimum age for new dependency releases before they are automatically updated by Dependabot. This practice, known as a "cooldown period," helps mitigate supply chain attacks by allowing time for frequently published malicious packages to be identified. https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#cooldown- ## Did you read the Contributor Guide? - Yes, I have read the [Contributor Rules](https://sedona.apache.org/latest/community/rule/) and [Contributor Development Guide](https://sedona.apache.org/latest/community/develop/) ## Is this PR related to a ticket? - No: - this is a CI update. The PR name follows the format `[CI] my subject` ## What changes were proposed in this PR? Described above ## How was this patch tested? ## Did this PR include necessary documentation updates? - No, this PR does not affect any public API so no need to change the documentation. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
